2nd International Workshop on Assurance Cases for Software-intensive Systems

Hotel RC - Catalana Room

ASSURE Welcome and Keynote

Wednesday, Nov. 5, 09:00 - 10:00

Chairs: Ewen Denney & Ibrahim Habli

1.     Introduction

2.     David Higham. Keynote Talk: Challenges and Trends for Automotive Safety Assurance


ASSURE #1: Principles and Techniques

Wednesday, Nov. 5, 10:00 - 10:30

Chair: Ewen Denney

1.     Valentin Cassano and Tom Maibaum. The Definition and Assessment of a Safety Argument


ASSURE #1: Principles and Techniques (Continued)

Wednesday, Nov. 5, 11:00 - 12:30

Chair: Ewen Denney

1.     Robin Bloomfield and Kateryna Netkachova. Building Blocks for Assurance Cases

2.     Kenji Taguchi, Daisuke Souma, Hideaki Nishihara and Toshinori Takai. Linking Traceability with GSN

3.     Khana Chindamaikul, Toshinori Takai and Hajimu Iida. Using the Information from an Issue Tracking System for Constructing Assurance Cases


ASSURE #2: Processes and Tools

Wednesday, Nov. 5, 14:00 - 15:30

Chair: Ibrahim Habli

1.     Barbara Gallina. A Model-driven Safety Certification Method for Process Compliance

2.     Eui-Sub Kim, Junbeom Yoo, Jong Gyun Choi, Young Jun Lee and Jang-Soo Lee. A Technique for Demonstrating Safety and Correctness of Program Translators: Strategy and Case Study

3.     John Knight, Anthony Aiello, Ashlie Hocking and Jonathan Rowanhill. SCT: A Safety Case Toolkit


ASSURE #3: Applications

Wednesday, Nov. 5, 16:00 - 17:00

Chair: Ewen Denney

1.     Anita Finnegan and Fergal McCaffery. A Security Argument Pattern for Medical Device Assurance Cases

2.     Ben Hocking, John Knight, Tony Aiello and Shin’ichi Shiraishi. Arguing Software Compliance With ISO 26262


ASSURE #4: Panel Discussion & Wrap-up

Wednesday, Nov. 5, 17:00 - 18:00

Chairs: Ibrahim Habli & Ewen Denney

1.     Panel: Formalism, Automation, and Tool Support for Assurance Cases

2.     Wrap-up

The Definition and Assessment of a Safety Argument
That safety cases are gaining prominence in safety regimes and regulations is a claim that, nowadays, may go more or less unchallenged. In brief, a safety case intends to make an explicit and compelling case that a system under consideration is safe for its intended use. When understood in this sense, the notion of a safety argument becomes one of the key elements of a properly formulated safety case. Herein, in what may be seen as work in progress, we comment on some preliminary thoughts regarding the challenges one must face in order to provide an adequate and sensible definition of what would count as being a safety argument. We contend that, without such a definition, the assessment of a safety argument is well-nigh impossible.

Building Blocks for Assurance Cases
The paper introduces an approach to structuring assurance cases using specially-designed CAE building blocks. The blocks are derived from an empirical analysis of the real case structures and can standardise the presentation of assurance cases by simplifying their architecture. CAE building blocks might also increase the precision and efficiency of the claims in arguments and can be used as self-contained reusable components of formal and semi-formal assurance cases.

Linking Traceability with GSN
Regulations/standards for safety critical systems mandate the submission of safety cases. Even though safety cases are the basic framework for assuring the safety of systems, how they fit into other methods/techniques which ensure the quality of the system is not certain. Ensuring traceability is of particular importance, since traceability can help analyze relationships between artifacts (evidence in safety cases) in meaningful ways. However, it is not well understood how traceability and safety cases are related and how they can benefit each other. To remedy this situation, we present a meta-model which describes the relationship between the two and present a case study taken from IEC 62278/EN 50126 from railway systems to show how traceability and safety cases benefit each other in this paper.

Retrieving Information from a Document Repository for Constructing Assurance Cases
We address the problem of constructing an assurance case by presenting an approach to extract information from a large set of documents. In the proposed approach, document retrieval and formal concept analysis techniques are systematically combined for assisting users to explore relevant information from a huge data set and to understand a number of concepts in such a data set with the relations among them. We perform an experiment with a data set from an open-source software development project, in order to evaluate the effectiveness of our approach. The experimental results suggest that the proposed approach can be effective in terms of reducing the time and the cost for constructing assurance cases with an acceptable confidence level, indicated by some assurance case quality metrics.

A Model-driven Safety Certification Method for Process Compliance
A safety case is a contextualized structured argument constituted of process and product-based sub-arguments to show that a system is acceptably safe. The creation of a safety case is an extremely time-consuming and costly activity needed for certification purposes. To reduce time and cost, reuse as well as automatic generation possibilities represent urgent research directions. In this paper, we focus on safety processes mandated by prescriptive standards and we identify process-related structures from which process-based arguments (those aimed at showing that a required development process has been applied according to the standard) can be generated and more easily reused. Then, we propose a model-driven safety certification method to derive those arguments as goal structures given in Goal Structuring Notation from process models given in compliance with Software Process Engineering Meta-model 2.0. The method is illustrated by generating process-based arguments in the context of ISO 26262.

A Technique for Demonstrating Safety and Correctness of Program Translators: Strategy and Case Study
The safety and correctness demonstration of program translators plays a critical role in software certification of digital I&C (Instrumentation & Control) systems in nuclear power plants. This paper proposes a strategy for the demonstration of the FBDtoVerilog translator, which translates FBD programs into Verilog programs to synthesize FPGAs. It uses a safety case to explain the strategy precisely and also implements several supporting tools to derive evidence efficiently. A case study of a Korean nuclear power plant found the efficiency of the proposed demonstration strategy and supporting tools.

SCT: A Safety Case Toolkit
SCT is a safety case toolkit designed to support the development and maintenance of safety cases for large, safety-critical systems. SCT supports safety case development by providing facilities to manage the file structure associated with the safety case, editors for various notations including GSN, and a build system that creates a custom web site to store the safety case. The web-based representation of the safety case includes a variety of features for safety case examination including comprehensive hyperlinking of elements, a GSN viewer, an argument index, and various custom reports.

A Security Argument Pattern for Medical Device Assurance Cases
Medical device security is a growing concern for medical device manufacturers, healthcare delivery organisations and regulators in the industry. Increasingly, researchers are demonstrating exactly how vulnerable these devices are. In many cases, networked medical devices are regarded as a potential weak link within a healthcare IT network that could provide a means to expose the entire network to a malware attack. At present there is no formal method for implementing security risk management practices in the medical device industry. However, with new regulatory guidance being developed by the Food and Drug Administration (FDA), medical device manufacturers will need to prove that their devices are secure. This paper presents a security case framework that is currently under development. The purpose of this framework is to provide medical device manufacturers and healthcare delivery organisations with a solution to assist both in establishing confidence in the security assurance of medical devices and to also maintain this confidence throughout the lifetime of the device.

Arguing Software Compliance with ISO 26262
ISO 26262 is a safety standard for electrical and/or electronic systems in automobiles and includes specific requirements for software. Compliance with the standard requires a safety case. In this paper we present an approach to structuring a software assurance case that complies with ISO 26262 and argues explicitly that the subject software meets appropriate dependability goals. The resulting assurance case integrates conveniently into a safety case for the subject system.